Do you have any recommendations with respect to storing the secret key used for encryption of FW downloads? From my perspective, I have 1 of 2 choices. Either the firmware binaries are encrypted before being added to the deployment server and the bootloader FW consequently needs to have the secret key hardcoded. Or the firmware binaries are encrypted on the fly by the deployment server using a secret key created during negotiation with the bootloader. But in this case we still need a bootloader private ECC key hardcoded in the bootloader FW in order to generate the secret. Am I missing something, or will I always need to hardcode some secret key in the bootloader?